Flaw found in anti-virus software


Flaw found in anti-virus software

Antony Savvas
Products from three popular anti-virus software companies have been found to contain a programming flaw that allows a hacker to crash a user's desktop PC.

Products from Network Associates, Trend Micro and Kaspersky Lab are affected, according to an advisory from German security company AERAsec.

Anti-virus software provides a built-in decompression engine to scan for viruses in compressed files. AERAsec has reported that the decompression engines from the three affected suppliers do not appear to cope with very large bzip2 compressed files.

This can lead to the hard disk filling up and high CPU usage, which results in the PC slowing down as the decompression engine processes the large file.

Kaspersky, whose AntiVirus for Linux was affected, said it had already issued a patch and was now "busy developing a new anti-mail bomb technology that can protect users against such attacks generically".

Trend Micro has published a fix on its website to address the threat to its InterScan Viruswall products for Linux, Solaris, AIX, HP-UX and Sendmail systems.

Network Associates, whose McAfee Virus Scan for Linux v4.16.0 could be affected, said its engineers were addressing the problem.

Dr Peter Bieringer, a partner at AERAsec said, "We are testing other products and we expect to find further problems."

Last week Symantec was forced to correct a problem with its LiveUpdate automatic patch system and also its Norton Anti-Virus software that prevented users from using other applications like Word and Excel.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy